Systems and methods for product authentication

ABSTRACT

The present invention relates to systems for product authentication. Unique identifiers are associated with products. Said identifiers are captured through a camera of the client device and transmitted to authentication server; whereupon said authentication server authenticates the products by contacting an authentication database which includes manufacturer-provided authentication information.

This application is a continuation of U.S. patent application Ser. No.15/283,262, filed Sep. 30, 2016, entitled “SYSTEMS AND METHODS FORPRODUCT AUTHENTICATION”, which is incorporated herein in its entirety.

TECHNICAL FIELD

Embodiments of the present invention relate to methods and systems forproduct authentication.

BACKGROUND

The sale of counterfeit and pass off goods is a huge problem around theworld. All types of goods are susceptible, including: pharmaceuticals,clothing, cosmetics, computer products, alcohol, etc. Closely related tothe problem of counterfeit goods, is the problem of gray market goods.In the case of the latter, an authentic product is sold in a market thatis not authorized or explicitly forbidden by the manufacturer saidproduct.

SUMMARY

The present invention relates to both systems and methods for productauthentication. Unique identifiers are associated with products. Saididentifiers are captured through a camera of the client device andtransmitted to authentication server; whereupon said authenticationserver authenticates the products by contacting an authenticationdatabase with manufacturer-provided authentication information.

BRIEF DESCRIPTION OF THE FIGURES

FIG. 1 shows a setup in which a mobile device provisioned with a clientauthentication application may be used to perform a “scan”, inaccordance with one embodiment of the invention.

FIG. 2 shows a flowchart of a scan operation, in accordance with oneembodiment of the invention.

FIG. 3 illustrates the components of an authentication server, inaccordance with one embodiment of the invention.

FIG. 4 illustrates an organizational structure for an authenticationdatabase, in accordance with one embodiment of the invention.

FIG. 5 illustrates a process to generate a set of random numbers, inaccordance with one embodiment of the invention.

FIG. 6 indicates an organizational structure for an authenticationdatabase, in accordance with one embodiment of the invention.

FIG. 7 shows a flowchart of operations corresponding to a serverauthentication process, in accordance with one embodiment of theinvention.

FIG. 8 shows a flowchart for a database lookup operation, in accordancewith one embodiment of the invention.

FIG. 9 shows an example of stored information about a product, inaccordance with one embodiment of the invention.

FIG. 10 shows an example of the table providing records for each scan,in accordance with one embodiment of the invention.

DETAILED DESCRIPTION OF SOME EMBODIMENTS

In the following description, for purposes of explanation, numerousspecific details are set forth in order to provide a thoroughunderstanding of the invention. It will be apparent, however, to oneskilled in the art that the invention can be practiced without thesespecific details. In other instances, structures and devices are shownin block diagram form only in order to avoid obscuring the invention.

Referring to FIG. 1, in other to combat the problem of counterfeit andgray goods, in one embodiment, an authentication application (AA) 10 isprovisioned in a client device, such as a mobile phone 12. The AA 10includes a scan function 52 (see FIG. 5) capable of scanning a computerreadable code (CRC) 16 associated with a product 14. The product 14 maygenerally comprise an article of manufacture such as a pharmaceutical,clothing, alcohol, etc. More particularly, CRC 16 may be printed on oraffixed to product packaging associated with the product 14.

In one embodiment, the CRC 16 may comprise an optically readable codeakin to a QR code. Advantageously, the optically readable code maycomprise information to authenticate the product 14. For example, saidinformation may include a unique identifier 20 for the product 14 whichcan be used as part of a consumer-initiated authentication process.

Steps corresponding to the authentication process, in accordance withone embodiment of the invention are shown in the flowchart of FIG. 2.Referring to FIG. 2, the authentication process begins with a scan step24, wherein the consumer 22 launches that AA 10, and activates a “scan”button of the authentication application to trigger the scan function52. This causes a camera of the mobile phone 12 to be activated—anonscreen viewfinder for the camera is turned on. The consumer 22 thenperforms the user-actions of

-   -   (a) pointing the camera at the CRC 16, and (b) shooting an image        of the CRC 16. The image of the CRC 16 may be stored as image        data in a memory of the phone 12.

At block 28, the authentication application 10 sends the authenticationrequest to the authentication server configured to process saidauthentication request. Typically, the authentication server may beaccessible via the World Wide Web, and may comprise a plurality ofcomputing resources organized in accordance with a cloud-based computerarchitecture.

FIG. 3 shows the components of an authentication server 40, inaccordance with one embodiment of the invention. The authenticationserver 40 and the phone 12 are communicatively coupled using well-knowntechnologies. For example, the phone 12 may communicate with theauthentication server 40 by means of a cellular network, which is usedfor transmission of the authentication request. The authenticationrequest is indicated by reference numeral 44 in FIG. 3.

In response to receiving the authentication request 44, theauthentication server 40 generates an authentication response 46 basedon a server authentication process and transmits said response 46 to thephone 12. Thus, at block 30 the authentication application 10 receivesthe authentication response 46. At block 32, the authenticationapplication 10 processes the response 46. Said processing may includeextracting an authentication message from the authentication response 46and displaying the authentication message to the consumer 22.Advantageously, the authentication message may comprise at least oneindication that the product 14 is not authentic. More details about theindications included in the authentication message are provided later.

Referring now to FIG. 3 of the drawings, there is shown a high-levelblock diagram of some components of the authentication server 40, inaccordance with one embodiment of the invention. As will be seen, theserver 40 includes a communications manager 48 configured to send andreceive electronic communications in accordance with variouscommunications protocols from various entities/devices including phone12, and a manufacturer computer 50. Functionally, the authenticationserver 40 orchestrates and performs the server authentication process,which will be described with reference to FIG. 7, in accordance with oneembodiment. As will be seen, the authentication server 40 comprises anauthentication database 52.

FIG. 6 indicates an organizational structure for the authenticationdatabase 52, in accordance with one embodiment of the invention.Referring to FIG. 6, the database 52 comprises a plurality of products60. Each product 60 may be uniquely identified by a SKU number. Eachproduct 60 is mapped to a set 62 of unique identifiers. Each uniqueidentifier in the set 62 may be generated by a manufacturer of theproduct or by some entity authorized to do so by said manufacturer. Forexample, in one embodiment the authentication server 40 may beconfigured to offer an authentication service to manufacturers toauthenticate their products in accordance with the techniques disclosedherein. In the latter case, a service provider of said authenticationservice may be authorized by a manufacturer to generate the set ofunique identifiers for a given product of said manufacturer.

Various techniques may be used to generate the set of uniqueidentifiers, and one of ordinary skill in the art would understand thateach unique identifier must have sufficient bits to reduce thelikelihood of a counterfeiter been able to replicate a number from theset 62. Thus, for example, in one embodiment each random numbercorresponding to a unique identifier in the set 62 may comprise 128 bitswhich would make about 3.4×10̂38 random numbers available for inclusionin the set 62. In this case, because the number of random numbersavailable for use as unique identifiers is very high, the likelihood ofa counterfeiter being able to correctly identify the numbers in the set62 is very small.

FIG. 5 illustrates a process, in accordance with one embodiment, togenerate the set of random numbers 62. As will be seen, the processincludes inputting two numbers N1 and N2 into the random numbergenerator (RNG) 66. The number N1 specifies the number of digits that arandom number output by the random number generator 66 must have. Thenumber N2 specifies the number of random numbers within the set 62 ofrandom numbers. For example, a manufacturer of lipstick may instruct aservice provider implementing the authentication techniques and systemsdisclosed herein to generate a million random numbers (this numbercorresponds to the number N2) to be used in the authentication oflipsticks made by the manufacturer. Thus, the set 62 will comprise onemillion random numbers. In one embodiment, the service provider mayoperate on an on-demand basis to generate random numbers to be used inthe authentication of various products by various manufacturers. Thismeans that when a manufacturer requires a certain number of randomnumbers, then said manufacturer will make your request to the serviceprovider to generate that number of random numbers.

Once the random numbers are generated, there are various use cases thatmay be employed in order to produce the computer-readable codes thateach embody a random number. Under the first use case, random numbersare given to the manufacturer who may then oversee operations to placethe random numbers on product packaging. In one embodiment, an encodermay be provided to the manufacturer to enable the manufacturer to encodeeach random number in a computer-readable code. Each computer-readablecode may be printed on a sticker or label which may be affixed toproduct packaging.

Under the second use case, under the authority of the manufacturer, theauthentication service provider may oversee operations to place therandom numbers on product packaging for the products associated with themanufacturer. For example, in the latter case the authentication serviceprovider may liaise directly with a factory charged with the task ofproducing packaging that is to bear computer readable codes disclosedherein.

Under yet a further use case, the third-party service provider mayproduce a set of computer-readable codes, each encoding a random numberproduced in accordance with the techniques disclosed herein. Thecomputer-readable codes may be stored in a data file wishes and suppliedto the manufacturer or the factory associated with the manufacturing ofthe product on which the codes must be placed. Thus, the manufacturer orthe factory manages the process of getting the computer-readable codeson the relevant packaging.

Referring again to FIG. 3 of the drawings, it will be seen that theauthentication server 40 also includes an authentication engine 54. Inone embodiment, the authentication engine 54 is configured to run theserver authentication process which will be described with reference toFIG. 7. In one embodiment, the authentication engine 54 may also includean analytics engine 55 to perform certain analytic functions in order togenerate guidance as to whether a particular product is likelycounterfeited or not.

Referring to FIG. 7, there is shown a flowchart of operationscorresponding to the server authentication process, in accordance withone embodiment of the invention. The server authentication processbegins with block 70, wherein the authentication request 44 is receivedfrom the client device. At block 72, control forks either to a decodeblock 74, or to a database look up block 76. Basically, if theauthentication request includes the unique identifier 20 then controlpasses is directly to the database look up block 76. However, if insteadof having the unique identifier 20, the authentication request includesthe original image of the computer-readable code, then the decode block74 is executed in order to decode the computer-readable code thereby toextract the unique identifier 20. The processing under the database lookup block 76, in one embodiment, may include the steps shown in FIG. 8.Referring to FIG. 8, at block 90 a determination is made as to whetherthe unique identifier 20 is in the authentication database 50. If theunique identifier 20 is not in the database 50, then control process toblock 82 (see FIG. 7), otherwise control passes to block 92. The block92, in one embodiment, is responsible for retrieving stored informationabout the product associated with the unique identifier 20 the found inthe authentication database 50. If more details about said storedinformation will be provided later. At block and 94, the retrievedstored information is passed to the analytics engine 55 which thenexecutes an analytics process in order to generate guidance as towhether or not the product associated with the unique identifier 20 iscounterfeited or not, as will be explained later.

Referring now to FIG. 9, of the drawings, there is shown an example ofthe stored information about a product mentioned above. As will be seen,said stored information includes columns 100-114. Moving from left toright, the column 100 records the unique IDs, the column 102 recordsproduct ID's, for example in the form of SKU numbers, the column 104records product descriptions, the column 106 stores at least one imageassociated with the product, the column 108 records the number of scansassociated with each unique identifier, the column 110 recordsinformation the consumer responsible for a particular scan; the column112 records information on the location at which the scan was made; andthe column 114 records the time stamp to indicate the time and which thescan was performed.

In one embodiment, a manufacturer operates a manufacturer computer 50which interfaces with the authentication database 52 by means of asuitable API whereby said manufacturer computer 50 may provision some ofthe stored information shown in FIG. 9. For example, the manufacturermay provide the product descriptions, and the product images.Information regarding the number of scans, who initiated the scan, thelocation of the scan, and the time of the scan may be extracted frominformation included in the authentication request. In one embodiment,the identity of the person making the scan is determined based on acustomer ID assigned to the customer 22 to as part of signup processwith the authentication service provider. The authentication application10 may be configured to include the customer ID in the authenticationrequest transmitted to the authentication server. To determine thenumber of scans, maintains a counter which is implemented each time ascan is received with a particular unique identifier 22.

In one embodiment, the analytics engine 55 analyzes the storedinformation, in order to provide guidance as to whether a particularproduct is likely counterfeited or not. For example, this guidance mayinclude an indication that the unique identifier 20 associated with theproduct authentication request 44 exists in the authentication database52. Suppose that the product associated with the product identifier 20comprises a particular type of lipstick. In one embodiment, analysis ofthe stored information associated with the product (lipstick) mayinclude making inferences as to whether the lipstick is counterfeited ornot based on analysis of the number of scans, the person making eachscan, the location of the scans, the time stamps associated with eachscan, and the nature of the product in respect of which theauthentication request is being made. For example, if the number ofscans is a zero one can conclude that the list it is not counterfeited.The guidance regarding whether the particular product associated withthe unique identifier 20 in the database 52 is likely counterfeited notmay be influenced by the number of scans associated with the uniqueidentifier 20, and the location of each scan. For example, consider FIG.10 which shows a table 119 recording each scan associated with aproduct. The table 119 may be provisioned in the authentication database52 and includes a column 120 wherein a number or ID is assigned to eachscan, and a column 122 to record the location of each scan identified inthe column 120. The location of the scan may be expressed in differentways such as by a store ID for a store at which the scan was initiated,or by a Zip-code associated with said store. To determine the locationof a scan, location sensor data generated by the mobile phone 12 may beused. The table 119 may be used in various ways to determine whether aproduct is likely counterfeited or not. For example, ordinarily, a highnumber of scans for a product might be an indication that the product iscounterfeited. However, if the locations of the scans are all the samethen the inference can be made that one is dealing with the situationwhere the product is likely on a shelf within a store, where it is beingscanned by potential customers. This would explain the multiple scansfor the product. However, if the scans happen to be from differentlocations then this may be regarded as an indication that at least oneof the scans is associated with a counterfeited product.

Several use cases relating to scans will now be described:

Use case 1: for this use case, the unique identifier 20 is in theauthentication database 52, but there are no previous scans recordedagainst the identifier. The guidance for this use case might includeinformation about the product associated with the unique identifier 20.Said information might include a description of the product, and anyimage associated with the product and may be used by the consumer tohelp said customer to determine if the product is counterfeited or not.For example, if the product description or its image does not match theactual product that was scanned, then the consumer would understand thatthe product is likely counterfeited.

Use case 2: there are multiple scans associated with the uniqueidentifier 20, in the authentication database 52. For this use case, thelocation data will be analyzed in order to provide the guidance, asdescribed above.

Use case 3: there are multiple scans, but other information is availablein order to provide guidance on whether the product associated with themultiple scans is likely counterfeited or not. For example, consider thecase where the product is an expensive handbag by a brand namemanufacturer. If the scan data indicates that the handbag was scanned attwo different locations at the same time, then one of the handbag scansis likely to be associated with a counterfeited product. However, if thescan data indicates that the handbag was scanned at different locationsat different times, then the handbag might not necessarily becounterfeited as the subsequent scan might have been initiated by aprospective purchaser of the handbag as a second-hand item. The natureof the product may also play a role in distinguishing whether theproduct is counterfeited or not. For example, if the product is known tolikely have a secondhand market, then subsequent scans may be explainedas being scans by a subsequent purchaser. However, not all products arelikely to have a secondhand market. For example, the products such aspowdered milk is not likely to be sold secondhand. Thus, in oneembodiment the analytics engine can use information about subsequentscans, and the nature of the product being scanned in order to assesswhether the product is being counterfeited.

In some embodiments, additional information may be provided to aconsumer in an authentication response. For example, such additionalinformation may include a product's expiration date. This might beuseful in some markets and for some products. For example, in developingmarkets products such as pharmaceuticals that are expired are sometimesoffered for sale after the expiration date. Thus, information and theproducts expiration date would be useful to a consumer. In some cases,the additional information may include the properties of a product.Again, in the case of a pharmaceutical, say in the form of a pill itcould be useful for a consumer to know the color, shape, smell and othercharacteristics so as to avoid purchasing a counterfeited product.

In one embodiment, in order to assist manufacturers to combat theproblem of counterfeit goods, the authentication server may beconfigured to maintain a history database 58 for storing informationabout a class of authentication requests for which no matching uniqueidentifier exists in the authentication database 52. The informationstored in the database 58 may include for each authentication request insaid class, an image of the product associated with the authenticationrequest, and the location of the scan. In one embodiment, theauthentication server may be configured analyze the data in the case todatabase 58 to identify patterns that may assist identifying counterfeitgoods. For example, if there are multiple scans in the database 58 froma single location and a retailer associated with the location may beflagged as dealing in counterfeited goods This information may bereported to a manufacturer by a reporting module 60 (see FIG. 3), andmay be used by the manufacturer to proactively take steps to stop thesale of counterfeit goods by said retailer.

In some cases manufacturers may provision the database 52 withinformation on the markets wherein a product may be legitimately sold.For example, the particular product of a manufacturer may legitimatelybe sold in a first market, say India, but not in a second market, sayAustralia. This information may be used to detect cases where a productis legitimate, but not authorized for sale in a market. Informationabout the sale of the manufacturer's goods in unauthorized markets maybe reported to a manufacturer by the reporting module 60, in accordancewith one embodiment of the invention.

Thus, embodiments of the invention involve printing a randomly assignedproduct ID number on product packages of authorized manufacturers as acomputer-readable code. As printed, the computer-readable code isidentifiable by consumers and readable by ubiquitous, connected, andconsumer-owned devices. The techniques disclosed herein are capable ofcollecting additional data points at the time of reading/scanning (suchadditional information includes, but is not limited to time, location,corresponding device ID, user ID with associated prior user-behavior,etc.) In one embodiment, the randomly assigned product ID number islinked to a private, non-publicly accessible database comprising productspecific information (e.ge packaging photo, manufacturer/product names,package size, etc.), sufficient to indicate to consumers whether ascanned product ID matches an actual product and its packaging. Thetechniques disclosed herein may be used to identify invalid product IDsas counterfeit and products without product ID as pass offs, whileflagging user IDs indicative of counterfeit or otherwise fraudulentactivity. An example of an activity that is so indicative may includethe case where someone repeatedly tries to access the system in order toidentify or validate product ID numbers and linked product SKUs. In someembodiments, the techniques disclosed herein may be advantageously beused to identify retailers who participate in the distribution ofcounterfeit products.

The features/functions of the platform and client app described abovemay be implemented as modules. As used herein, the term “module” mightdescribe a given unit of functionality that can be performed inaccordance with one or more embodiments of the present invention. Asused herein, a module might be implemented utilizing any form ofhardware, software, or a combination thereof. For example, one or moreprocessors, controllers, ASICs, PLAs, PALs, CPLDs, FPGAs, logicalcomponents, software routines or other mechanisms might be implementedto make up a module. In implementation, the various modules describedherein might be implemented as discrete modules or the functions andfeatures described can be shared in part or in total among one or moremodules. In other words, as would be apparent to one of ordinary skillin the art after reading this description, the various features andfunctionality described herein may be implemented in any givenapplication and can be implemented in one or more separate or sharedmodules in various combinations and permutations. Even though variousfeatures or elements of functionality may be individually described orclaimed as separate modules, one of ordinary skill in the art willunderstand that these features and functionality can be shared among oneor more common software and hardware elements, and such descriptionshall not require or imply that separate hardware or software componentsare used to implement such features or functionality.

Where components or modules of the invention are implemented in whole orin part using software, in one embodiment, these software elements canbe implemented to operate with a computing or processing module capableof carrying out the functionality described with respect thereto. Afterreading this description, it will become apparent to a person skilled inthe relevant art how to implement the invention using other computingmodules or architectures. Modules might be implemented using ageneral-purpose or special-purpose processing engine such as, forexample, a microprocessor, controller, or other control logic. In theillustrated example, the modules could be connected to a bus, althoughany communication medium can be used to facilitate interaction withother components of computing modules or to communicate externally.

A computing server might also include one or more memory modules, simplyreferred to herein as main memory. For example, preferably random accessmemory (RAM) or other dynamic memory, might be used for storinginformation and instructions to be executed by processor. Main memorymight also be used for storing temporary variables or other intermediateinformation during execution of instructions to be executed byprocessor. Computing module might likewise include a read only memory(“ROM”) or other static storage device coupled to bus for storing staticinformation and instructions for processor.

The database module might include, for example, a media drive and astorage unit interface. The media drive might include a drive or othermechanism to support fixed or removable storage media. For example, ahard disk drive, a floppy disk drive, a magnetic tape drive, an opticaldisk drive, a CD, DVD or Blu-ray drive (R or RW), or other removable orfixed media drive might be provided. Accordingly, storage media mightinclude, for example, a hard disk, a floppy disk, magnetic tape,cartridge, optical disk, a CD, DVD or Blu-ray, or other fixed orremovable medium that is read by, written to or accessed by media drive.As these examples illustrate, the storage media can include a computerusable storage medium having stored therein computer software or data.

In alternative embodiments, the database module might include othersimilar instrumentalities for allowing computer programs or otherinstructions or data to be loaded into computing module. Suchinstrumentalities might include, for example, a fixed or removablestorage unit and an interface. Examples of such storage units andinterfaces can include a program cartridge and cartridge interface, aremovable memory (for example, a flash memory or other removable memorymodule) and memory slot, a PCMCIA slot and card, and other fixed orremovable storage units and interfaces that allow software and data tobe transferred from the storage unit to computing module.

The communications module might include various communicationsinterfaces such as an Ethernet, network interface card, WiMedia, IEEE802.XX or other interface), or other communications interface. Datatransferred via communications interface might typically be carried onsignals, which can be electronic, electromagnetic (which includesoptical) or other signals capable of being exchanged by a givencommunications interface. These signals might be provided tocommunications interface via a channel. This channel might carry signalsand might be implemented using a wired or wireless communication medium.Some examples of a channel might include a phone line, a cellular link,an RF link, an optical link, a network interface, a local or wide areanetwork, and other wired or wireless communications channels.

Although the invention is described above in terms of various exemplaryembodiments and implementations, it should be understood that thevarious features, aspects and functionality described in one or more ofthe individual embodiments are not limited in their applicability to theparticular embodiment with which they are described, but instead can beapplied, alone or in various combinations, to one or more of the otherembodiments of the invention, whether or not such embodiments aredescribed and whether or not such features are presented as being a partof a described embodiment. Thus, the breadth and scope of the presentinvention should not be limited by any of the above-described exemplaryembodiments.

Terms and phrases used in this document, and variations thereof, unlessotherwise expressly stated, should be construed as open ended as opposedto limiting. As examples of the foregoing: the term “including” shouldbe read as meaning “including, without limitation” or the like; the term“example” is used to provide exemplary instances of the item indiscussion, not an exhaustive or limiting list thereof; the terms “a” or“an” should be read as meaning “at least one,” “one or more” or thelike; and adjectives such as “conventional,” “traditional,” “normal,”“standard,” “known” and terms of similar meaning should not be construedas limiting the item described to a given time period or to an itemavailable as of a given time, but instead should be read to encompassconventional, traditional, normal, or standard technologies that may beavailable or known now or at any time in the future. Likewise, wherethis document refers to technologies that would be apparent or known toone of ordinary skill in the art, such technologies encompass thoseapparent or known to the skilled artisan now or at any time in thefuture.

The presence of broadening words and phrases such as “one or more,” “atleast,” “but not limited to” or other like phrases in some instancesshall not be read to mean that the narrower case is intended or requiredin instances where such broadening phrases may be absent. The use of theterm “module” does not imply that the components or functionalitydescribed or claimed as part of the module are all configured in acommon package. Indeed, any or all of the various components of amodule, whether control logic or other components, can be combined in asingle package or separately maintained and can further be distributedin multiple groupings or packages or across multiple locations.

Additionally, the various embodiments set forth herein are described interms of exemplary block diagrams, flow charts and other illustrations.As will become apparent to one of ordinary skill in the art afterreading this document, the illustrated embodiments and their variousalternatives can be implemented without confinement to the illustratedexamples. For example, block diagrams and their accompanying descriptionshould not be construed as mandating a particular architecture orconfiguration.

1. A system for authentication of an article of manufacture, said systemcomprising an authentication server communicably connected to a clientdevice and a manufacturer, wherein the system is configured to: generatea set of unique identifiers to be associated with a plurality ofarticles of manufacture; associate on a one-to-one basis a singleidentifier from said set with a single instance of the article ofmanufacture from said plurality of articles of manufacture; perform atleast one authentication operation in response to receiving anauthentication request from a client device; enable each of a pluralityof client devices to generate an authentication request and transmit tosaid authentication server, wherein said authentication request is toauthenticate a particular instance of an article of manufacture fromsaid plurality of articles of manufacture by scanning an identifierassociated to the particular instance of an article of manufacture,responsive to receiving said authentication request from said clientdevice, perform by said authentication server said at least oneauthentication operation comprising transmission of a request to anauthentication database provisioned with manufacturer-derivedauthentication information to enable authentication of the particularinstance of the article of manufacture; and transmit a response to saidapplication request from said client device to said client device. 2.The system of claim 1, further configured to maintain saidauthentication database in a secure manner wherein access thereto by thegeneral public is not allowed.
 3. The system of claim 1, whereinassociation of each identifier with the instance of the article ofmanufacture comprises encoding said identifier as a computer-readablecode.
 4. The system of claim 3, wherein said computer-readable code isan optically-readable code.
 5. The system of claim 1, wherein theassociation of each identifier with an instance of the article ofmanufacture comprises association of the optically-readable code for theidentifier with the instance of the article of manufacture.
 6. Thesystem of claim 1, wherein the manufacturer-derived authenticationinformation comprises manufacturer-images associated with the article ofmanufacture.
 7. The system of claim 1, wherein said authenticationrequest comprises information capable of identifying a particularlocation where said authentication request originated.